How to manage SSL (TLS) certificates¶
Server certificate validation¶
By default, when a remote is added, if the URL schema is https, the Conan client will verify
the certificate using a list of authorities declared in the cacert.pem file located in the Conan home (~/.conan).
If you have a self signed certificate (not signed by any authority) you have two options:
- Use the conan remote command to disable the SSL verification.
- Append your server
crtfile to thecacert.pemfile.
Client certificates¶
If your server is requiring client certificates to validate a connection from a Conan client, you need to create two files in the Conan home directory (default ~/.conan):
- A file
client.crtwith the client certificate. - A file
client.keywith the private key.
Note
You can create only the client.crt file containing both the certificate and the private key
concatenated and not create the client.key
If you are a familiar with the curl tool, this mechanism is
similar to specify the --cert / --key parameters.